General
-
Target
b9e8a101512f2b8cb6223e26f8449b07371a64bad0ef7ba3fb63a3397518a817
-
Size
481KB
-
Sample
231204-veee1sch9t
-
MD5
c5b39c8776e16e1431b84c2e21784167
-
SHA1
770c958a2565fb558eead2fdf90e84d4d481708e
-
SHA256
b9e8a101512f2b8cb6223e26f8449b07371a64bad0ef7ba3fb63a3397518a817
-
SHA512
b028e8144354a0c298d704c8de9a380f41368c26c4cf19642602a3909358b35e576fca51da304615f502aa6f494603bf7a1f8bf316610bd7695873e5333d65b5
-
SSDEEP
12288:pKWIcjo+83YdbRNWGncJ3z0WkJMSsXEDLntYxbX9sLPYEAp4FYaLE0F:ptIW9sMRdcJj0eXEPntYVX9sLrAp4BDF
Static task
static1
Behavioral task
behavioral1
Sample
ORDER IV2312-002.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
ORDER IV2312-002.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
ORDER IV2312-002.exe
-
Size
627KB
-
MD5
6c35b13a84d8b7e80ebd6acfc6a6fcec
-
SHA1
c92b80bb36ea3de1a82e00e0469b4e70d1bb0861
-
SHA256
57729b4d62da45292959066a891a31d3e1f5408f158763c7f73e324b935ba6e0
-
SHA512
185fc5c302bfc56815b9979364c4dd61b034d00c19803e61194084405b8fb6e0c5353022079291acec4b24d118aa99c6d52dd1cd75a2b25c36fe7e14f1c749fc
-
SSDEEP
6144:LtJXlE7ddnDuHcfRdLv2wHyacmeo3abeS7HPX8imgN7KEm/Jt1RJdVpzlEFxX6Lv:dEh5tPPEAE8i9N61HdVpYxC2/+0
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-